Calderoni et al. J Surveill Secur Saf 2020;1:106-18  I  http://dx.doi.org/10.20517/jsss.2019.01                                            Page 109














































               Figure 2. The file system mounted in the user memory. The three elementary files listed under the dedicated file are standard data files,
               according to ISO/IEC 7816-4. MF: master file; DF: dedicated file; CC: capability container; SDM: secure dynamic messaging; UID: unique
               tag identifier; NDEF: NFC data exchange format; NFC: near field communication

                                                                                               [23]
               The second file is also known as the NDEF file and contains an NDEF-formatted message . NDEF is
               a lightweight, binary message format that can be used to encapsulate one or more application-defined
               payloads of arbitrary type and size into a single message construct. Each payload is composed of a type,
               length, and optional id. Just as an example, identifiers may be represented by URIs, MIME media types, or
               other NFC-specific types. This file is also designed to support secure dynamic messaging (SDM) and data
               mirroring. These options extend the security and privacy features offered by this tag and will be discussed
               in the next sections.


               The third file is a proprietary NXP file which is read- and write-protected and contains raw data. At the
               production stage, access to this file is restricted using two different application keys, one for reading
               operations and one for writing operations. This condition is better exemplified in the “Results” section.


               The RFID device also includes nine cryptographic keys, designed to be used as advanced encryption
                                [24]
               standard (AES) keys . Four keys are provided at the tag level (MF). They are also referred to as originality
               keys. The other five keys are instead included at the application level (DF) and are referred to as application
               keys. Originality keys are stored in ROM and may never be removed or updated after chip production.
               Conversely, application keys are part of the user memory (EEPROM) and may be updated to customize the
               tag for application-specific scenarios. Each of these nine keys may be used to perform an authentication
               procedure between the tag and a reader. Moreover, to update any of the app keys, a successful